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Top Stories 

• A security researcher identified, and another researcher reported, that around 230 pages of 
sensitive customer information from bond insurer MBIA was available online and indexed 
by search engines due to a misconfigured server. - Softpedia (See item 6) 

• Researchers identified and analyzed a new piece of ATM malware known as Tyupkin that 
is installed on ATMs through a bootable CD and can allow attackers to withdraw currency 
without a card. - Softpedia (See item 7) 

• Hail -producing storms that moved across Arkansas October 7-8 damaged between 60 
percent and 90 percent of cotton crops in the Monette and Black Oak areas. - KAIT 8 
Jonesboro (See item 16 ) 

• Federal authorities arrested and charged a King of Prussia, Pennsylvania podiatrist October 
3 with allegedly defrauding Medicare out of nearly $300,000 by charging for procedures 
that were never performed. - Norristown Times Herald (See item 23 ) 
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Energy Sector 



1. October 8, Corpus Christi Caller-Times - (Texas) Tank leaks at Flint Hills, blocks 
corridor Tuesday night. Officials spent over 4 hours working to contain a vapor 
release of sulfur dioxide and hydrogen sulfide at the Flint Hills Resources’ West 
Refinery in Corpus Christi October 7 which caused the evacuation of all nonessential 
personnel while crews monitored the air quality. Authorities closed a portion of the Joe 
Fulton Corridor for more than 2 hours during the incident. 

Source: http://www.caller.com/news/local-news/tanks-leaks-at-flint-hills-corridor- 
blocked 03975871 

2. October 7, Associated Press - (West Virginia) Feds cite Patriot Coal in W.Va. mine 
accident. Patriot Coal was cited by the U.S. Department of Labor’s Mine Safety and 
Health Administration October 7 for serious violations following a May 12 accident at 
its Brody Mine No. 1 in Boone County that ki lled two miners due to a coal burst. 
Federal authorities determined the company failed to adequately protect miners from 
hazards and failed to report a similar burst May 9, allowing the evidence to be 
destroyed. 

Source: http://www.chron.com/business/energv/article/Feds-cite-Patriot-Coal-in-W-Va- 
mine-accident-5 807395 .php 

3. October 7, Bakersfield Californian - (California) Oxy settles charges it illegally 
dumped waste. The Central Valley Regional Water Quality Control Board reached a 
settlement October 7 with Occidental of Elk Hills and Vintage Production California, 
two Occidental Petroleum Corporation-owned oil producers, requiring them to pay 
$476,784 in penalties after they improperly disposed of 57,000 gallons of fluid waste 
into unlined pits at 14 oil well sites in Central Valley between early 2012 and 
November 2013. The board also reached a settlement with E&B Natural Resources 
Management Corp., for $39,984 to settle charges that the company dumped roughly 
5,000 gallons of produced water and crude oil into two unlined pits in the Poso Creek 
Oil Field in California. 

Source: http://www.bakersfieldcalifomian.com/business/kem-gusher/x782597164/Oxv- 
settles-charges-it-illegally-dumped-waste 

For additional stories, see items 13 and 31 
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Chemical Industry Sector 

Nothing to report 
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Nuclear Reactors, Materials, and Waste Sector 

4. October 7, Associated Press - (California) Inspector faults regulator on San Onofre 
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nuclear plant review. The U.S. Nuclear Regulatory Commission’s (NRC) Inspector 
General released a report October 7 stating that an NRC inspection in 2009 failed to 
recognize deficiencies in the way the swapping of steam generators at the San Onofre 
nuclear power plant in California was conducted. The plant was idled in 2012 and then 
closed in 2013 due to issues arising from the new steam generators. 

Source: http://losangeles.cbslocal.com/2014/10/07/inspector-faults-regulator-on-san- 
onofre-nuclear-plant-review/ 



[ Return to top ] 

Critical Manufacturing Sector 

See item 31 
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Defense Industrial Base Sector 

5. October 7, Associated Press - (Oregon) Chemical depot cleanup down to the final 
paperwork. URS Corp., announced October 6 a “closure complete” declaration for the 
Umatilla Chemical Depot chemical weapons incineration facility near Hermiston after 
crews demolished the plant and removed its support structures down to 20 feet below 
ground. Crews collected about 1,300 air, water, and concrete samples from the site to 
confirm that no contamination remains. 

Source: http://www.chem.info/news/2014/10/chemical-depot-cleanup-down-final- 
paperwork 

1 Return to top i 

Financial Services Sector 

6. October 8, Softpedia - (International) Largest US bond insurer suffers major data 
leak. A security researcher with Seely Security identified, and another researcher 
reported, that around 230 pages of sensitive customer information from bond insurer 
MBIA was available online and indexed by search engines due to a misconfigured 
server. MBIA responded by taking the server offline that caused the exposure of 
customer account numbers, balances, dividends, and other information, including for 
accounts linked to government institutions. 

Source: http://news.softpedia.com/news/Largest-US-Bond-Insurer-Suffers-Maior-Data- 
Leak-461400.shtml 

7. October 7, Softpedia - (International) Tyupkin is new ATM malware that allows 
cash extraction without card. Researchers with Kaspersky Lab identified and 
analyzed a new piece of ATM malware known as Tyupkin that is installed on ATMs 
through a bootable CD and can allow attackers to withdraw currency without a card. 
The malware includes several security features to prevent access and analysis and was 
mostly found in Eastern Europe as well as some cases in the U.S., Asia, and Western 
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Europe. 

Source: http://news.softpedia.com/news/Tyupkin-Is-New-ATM-Malware-That-Allows- 
Cash-Extraction-Without-Card-461309.shtml 



8. October 7, San Francisco Bay Area News Group - (California) San Ramon bank 
executive pleads guilty to conspiracy. A former executive at failed San Francisco 
bank United Commercial Bank pleaded guilty to a conspiracy charge October 7 for his 
role in deceiving investors, regulators, and depositors by altering documentation to 
downplay the bank’s losses. The bank received $297 million from the Troubled Asset 
Relief Program during the period while the former executive altered records, and the 
bank did not repay any of the funds before it collapsed. 

Source: http://www.contracostatimes.com/san-ramon/ci 2668352 1/san-ramon-bank- 
executive-pleads-guilty-conspiracy 

9. October 7, Birmingham News - (Alabama) Target fraud scheme: Plan to steal 
$500,000 in gift cards lands Brooklyn man in Alabama jail. A New York City man 
was arrested in Hoover for allegedly using more than 39 fraudulent Regions Bank 
payment cards to purchase $9,000 in gift cards at Target stores in Fultondale and 
Homewood. Regions Bank’s Card Monitoring Group detected the alleged fraudulent 
charges and alerted police, who stated that the cards could have been used to make over 
half a million dollars of fraudulent purchases. 

Source: 

http://www.al.com/news/birmingham/index.ssf/2014/10/missed target scheme to stea 
l.html 

10. October 7, KMVT 11 Twin Falls - (Idaho) Boise police arrest dozen people accused 
of using stolen credit accounts. Police in Boise arrested 12 individuals from Georgia 
October 6 for allegedly using fraudulent payment cards to purchase over $15,000 in gift 
cards. Police were alerted to the suspected fraud by local retailers and the payment 
cards appeared to be linked to recent security breaches from major corporations. 

Source: http://www.kmvt.com/news/latest/278450551.html 
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Transportation Systems Sector 

11. October 8, KHOU 11 Houston - (Texas) American Airlines flight makes emergency 
landing over Ebola scare after passenger gets sick. An American Airlines flight 
made an emergency landing at Midland International Airport and Spaceport in Texas 
October 7 due to an Ebola scare after a passenger became ill on the plane. Authorities 
removed and treated the passenger after determining that she likely did not have the 
disease. 

Source: http://houston.cbslocal.com/2014/10/08/american-airlines-flight-makes- 
emergency-landing-over-ebola-scare-after-passenger-gets-sick/ 

12. October 8, Associated Press - (California) California pilot dies fighting wildfire. A 
contracted DynCorp., pilot was killed October 7 when his single -person air tanker 
plane crashed while he was fighting a rapidly spreading wildfire near Yosemite 
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National Park in California. 

Source: http://www.msn.com/en-us/news/us/california-pilot-dies-in-crash-fighting- 
wildfire/ar-BB 85 VKQ 



13. October 8, Portage Daily Register - (Wisconsin) Crash spills 1,000 gallons of fuel 
near Randolph. An estimated 1,000 gallons of gasoline spilled when a semi-truck 
hauling about 8,500 gallons of gasoline and diesel fuel swerved and crashed on 
Highway 73 in Columbia County October 7, shutting down the highway for nearly 12 
hours while crews cleared the scene and removed the gasoline and diesel fuel. 

Source: http://host.madison.com/news/local/crime and courts/crash-spills-gallons-of- 
fuel-near-randolph/article d5a0931c-c5d9-5dle-bd37-a9c8ffffl69a.html 

14. October 7, WLWT 5 Cincinnati - (Ohio) Dozens of cattle escape after Tri-State 
truck crash. Four cows were killed and 90 others escaped October 6 after a semi-truck 
hauling the cattle crashed near the intersection of U.S. 62 and Ohio 72 in Leesburg, 
Ohio, forcing the closure of parts of the roadways for several hours while responders 
worked to capture the cows. Around 60-70 cows were still loose as of early October 8. 
Source: http://www.wlwt.com/news/dozens-of-cattle-escape-after-tri-state-truck- 
crash/28985754 



15. October 5, WLS 7 Chicago; Chicago Sun-Times - (Illinois) Bishop Ford crash kills 2, 
mangles vehicle under semi. Two people were killed when they crashed their vehicle 
into a stopped semi-truck, prompting the closure of outbound lanes on the Bishop Ford 
in Chicago for more than 4 hours October 5. 

Source: http://abc7chicago.com/news/bishop-ford-crash-kills-2-mangles-vehicle-under- 
semi/337271/ 



For another story, see item 1 
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Food and Agriculture Sector 

16. October 8, KAIT 8 Jonesboro - (Arkansas) Crops damaged by overnight 
thunderstorms. Hail-producing storms that moved across Arkansas October 7-8 
damaged between 60 percent and 90 percent of cotton crops in the Monette and Black 
Oak areas. 

Source: http://www.kait8.com/storv/26727290/crops-damaged-bv-overnight- 
thunderstorms 

17. October 8, U.S. Department of Agriculture - (National) Minnesota firm recalls meat 
and poultry products for possible Listeria contamination. The Food Safety and 
Inspection Service announced October 8 that Buddy’s Kitchen recalled about 62,488 
pounds of meat and poultry breakfast products due to possible Listeria monocytogenes 
contamination. The products were sent to distributors, retailers, and airlines nationwide. 
Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health- 
alerts/recall-case-archive/archive/2014/recall-068-20 14-release 



-5 - 



18. October 7, U.S. Environmental Protection Agency - (Pennsylvania) EPA Settlement 
with Altadis U.S.A. Inc. ensures compliance with toxic chemical reporting 
safeguards at McAdoo, Pa., tobacco plant. Altadis U.S. A., Inc., agreed to pay 
$54,500 to resolve allegations by the U.S. Environmental Protection Agency that the 
company violated federal and State chemical reporting requirements at the company’s 
McAdoo tobacco plant in 2010. 

Source: 

http://vosemite.epa.gov/opa/admpress.nsf/596el7d7cac720848525781f0043629e/6565e 

ff3a318dae685257d6aOQ6el8b8!OpenDocument 

19. October 7, U.S. Food and Drug Administration - (International) J&B European 
Distribution Inc. issues allergy alert for undeclared milk in Kupiec Rice Cakes 
with Dark Chocolate. The U.S. Food and Drug Administration announced October 7 
that J&B European Distribution Inc., issued a recall for 40 cases of Kupiec branded 
Rice Cakes with Dark Chocolate due to undeclared milk. The product was imported 
from Poland and distributed to retailers in four States. 

Source: http://www.fda.gov/Safety/Recalls/ucm417942.htm 

20. October 6, U.S. Food and Drug Administration - (National) HAR Maspeth Corp 
recalls Jinga brand “Pan Fried Anchovies” because of possible health risk. The 
U.S. Food and Drug Administration announced October 6 that HAR Maspeth Corp. 
issued a recall for Jinga-branded Pan Fried Anchovies due to possible contamination 
with Fisteria monocytogenes. The product was sold in 2-ounce and 4-ounce packages 
at retail stores nationwide and via mail orders. 

Source: http://www.fda.gov/Safety/Recalls/ucm417945.htm 

For another story, see item 14 
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Water and Wastewater Systems Sector 

21. October 7, KSAT 12 San Antonio - (Texas) Water returns to Carrizo Springs. Water 
service was restored to as many as 10,000 people in Carrizo Springs October 7 
following an October 6 water main break that left residents without water for nearly 24 
hours, closing businesses and schools. 

Source: http://www.ksat.com/content/pns/ksat/news/2014/10/Q7/water-retums-to- 
carrizo-springs.html 

22. October 7, KTAL 6 Texarkana - (Arkansas) Boil advisory issued for community in 
Arkansas. A boil water advisory was issued for residents living in Garland City, 
Arkansas, October 7 due to a water main break and was expected to remain in effect 
through October 10. 

Source: http://www.arklatexhomepage.com/storv/d/storv/boil-advisorv-issued-for- 
communitv-in-arkansas/35007/mv0xIew6QE6zTg9QF8XXEQ 

For another story, see item 31 
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Healthcare and Public Health Sector 

23. October 6, Norristown Times Herald - (Pennsylvania) King of Prussia woman 
charged with health care fraud, identity theft. Federal authorities arrested and 
charged a King of Prussia podiatrist October 3 with allegedly defrauding Medicare out 
of nearly $300,000 by charging for procedures that were never performed at her Center 
City Philadelphia office. The podiatrist allegedly submitted claims to Medicare in 
excess of $480,000 between January 2009 and December 2013 using Current 
Procedural Terminology medical codes for fraudulent services. 

Source: http://www.timesherald.com/general-news/20141006/king-of-prussia-woman- 
could-face-35-million-fine-if-convicted-of-health-care-fraud-identity-theft 
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Government Facilities Sector 

24. October 8, WCAU 10 Philadelphia - (Pennsylvania) 4 hurt in school bus crash. An 
accident involving an All-City Transportation school bus and a car left 4 people 
injured, including 1 child, after the 2 vehicles collided in southwest Philadelphia 
October 8. A second accident occurred in northwest Philadelphia involving a school 
bus and four other vehicles. 

Source: http://www.nbcphiladelphia.com/news/local/4-Hurt-in-School-Bus-Crash- 
278500491.html 

25. October 7, Cape Cod Times - (International) Mass. Maritime website hacked by 
apparent Islamic extremist group. Attackers claiming affiliation with the Moroccan 
Islamic Union-Mail group allegedly hacked the Web site of the Massachusetts 
Maritime Academy in Buzzards Bay twice October 6, once redirecting students to 
another site and a second time which shut down and destroyed contents on the 
homepage. School officials restored the site and worked to prevent any future 
cyberattacks. 

Source: 

http://www.capecodonline.com/apps/pbcs.dll/article?AID=/20141007/NEWS 11/14100 
9779 



26. October 7, Las Vegas Sun - (Nevada) 4 students, 2 adults taken to hospital after 
school bus crash. An accident involving a Clark County School District bus left 2 
adults injured and caused 4 students to be transferred to an area hospital as a precaution 
after the bus collided with a truck in the northwest valley area of Las Vegas October 7. 
Source: http://www.lasvegassun.com/news/2014/oct/07/school-bus-crash-pickup-truck- 
northwest-valley/ 



27. October 7, WCCO 4 Minneapolis - (Minnesota) Students sent home after bomb 
threat at Orono Middle School. Classes at Orono Middle School in Minneapolis 
resumed October 8 after a bomb threat prompted the evacuation of students and the 
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cancellation of classes October 7. Police searched the building and cleared the scene 
after nothing suspicious was found. 

Source: http://minnesota.cbslocal.corn/2014/10/07/police-orono-middle-school- 
evacuated-due-to-bomb-threat/ 

For additional stories, see items 5, 6, 12, and 21 
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Emergency Services Sector 

Nothing to report 
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Information Technology Sector 

28. October 8, Securityweek - (International) Google fixes 159 security bugs with release 
of Chrome 38. Google released the latest version of its Chrome browser for Windows, 
Linux, Mac, and iOS, closing 159 security vulnerabilities. 

Source: http://www.securitvweek.com/google-fixes-159-securitv-bugs-release-chrome- 
38 

29. October 8, The Register - (International) Adobe spies on reading habits over 
unencrypted web because your ‘privacy is important.’ Adobe confirmed October 8 
that its Digital Editions software collects information on users’ ebooks and sends it to 
Adobe servers as part of digital rights management (DRM) practices after a researcher 
reported finding the traffic being sent from Digital Editions. The company also 
confirmed that the information was sent in an unencrypted format and would be 
corrected, and stated that it was investigating the researcher’s claims that the program 
collected additional information on ebooks files stored on users’ systems. 

Source: 

http://www.theregister.co.uk/2014/10/Q8/adobe says it slurps ebook data in plain te 
xt because privacy is important/ 

30. October 8, Securityweek - (International) SSDP reflection attacks spike in Q3: Arbor 
Networks. Arbor Networks released its report on distributed denial of service (DDoS) 
attacks during the third quarter (Q3) of 2014 and found that Simple Service Discovery 
Protocol (SSDP) reflection attacks grew significantly during Q3, with almost 30,000 
such attacks during the quarter, among other findings. 

Source: http://www.securitvweek.com/ssdp-reflection-attacks-spike-q3-arbor-networks 

3 1 . October 7, Securityweek - (International) Siemens swats security bugs affecting PCS 
7. Siemens released an update for its PCS 7 supervisory control and data acquisition 
(SCAD A) product that addresses five issues with the WinCC product, including a hard 
coded encryption key and another issue that could lead to privilege escalation. 

Source: http://www.securitvweek.com/siemens-swats-security-bugs-affecting-pcs-7 
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32. October 7, IDG News Service - (International) Belkin says router outages should be 
resolved. Belkin stated October 7 that it fixed an issue in some older wireless routers 
that caused the routers to experience problems around midnight October 7 when 
pinging a Belkin-hosted service in order to check network connectivity. Belkin advised 
users still experiencing issues to restart their routers. 

Source: http://www.networkworld.com/article/2721154/wifi/belkin-says-router- 
outages-should-be-resolved.html 

Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 
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Communications Sector 

33. October 7, Dallas Business Journal - (Texas) AT&T working to restore wireless, 
wireline service in DFW. AT&T technicians worked to restore wireline and wireless 
services for customers across the Dallas-Fort Worth area after a series of storms 
October 2 knocked out service. 

Source: http://www.bizioumals.com/dallas/news/2014/10/06/at-t-working-to-restore- 
wireless-wireline-service.html 
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Commercial Facilities Sector 

34. October 8, WPIX 11 New York City - (New York) 5 injured when box truck jumps 
curb, crashes into Queens bagel shop. Five people were injured when the driver of a 
box truck lost control of the vehicle October 8 and crashed into a Bagels For You 
restaurant in the Queens section of New York City. Authorities are investigating the 
incident. 

Source: http://pixll.com/2014/10/08/box-truck-iumps-curb-crashes-into-queens-bagel- 
shop/ 

35. October 8, Bucks County Courier Times - (Pennsylvania) Theater worker injured in 
fire at Oxford Valley Mall. One United Artists Theater employee was seriously 
injured October 8 when an electrical fire broke out inside a projection room of the 
movie theater near the Oxford Valley Mall in Pennsylvania. 

Source: http://www.buckscountvcouriertimes.com/news/local/theater-worker-iniured- 
in-fire-at-oxford-valley-mall/article 61f274d3-90fd-5ed3-8f04-086798b6b086.html 

36. October 7, Daily Hampshire Gazette - (Massachusetts) Two restaurants, apartments 
in downtown Northampton evacuated after high levels of carbon monoxide 
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detected. A Northampton building that houses two restaurants and several apartments 
was evacuated and closed October 7 due to elevated levels of carbon monoxide inside 
the structure. Gas service was shut off while crews inspected a boiler and chimney in 
the building and made repairs. 

Source: http://www.gazettenet.com/news/townbvtown/northampton/13857350-95/two- 

restaurants-apartments-in-downtown-northampton-evacuated-after-high-levels-of- 

carbon-monoxide-de 



37. October 7, San Francisco Chronicle - (California) Novato Taco Bell gas leak sends 3 
to hospital. Two staff and one customer at a Taco Bell in Novato were transported to a 
local hospital following a gas leak inside the restaurant. Crews contained the leak that 
was coming from a gas valve on a heating and air conditioning system that was stuck in 
the open position. 

Source: http://www.sfgate.com/bavarea/article/Novato-gas-leak-sends-three-to- 
hospital-5 806945 .php 

38. October 6, WIBW 13 Topeka - (Kansas) Bomb threats at several Topeka stores 
Monday. Two Dollar General stores and a CVS in Topeka were evacuated for about 2 
hours October 6 due to a string of bomb threats that were separately called in to each 
store. Police cleared the stores after no explosive devices were found. 

Source: http://www.wibw.com/home/headlines/Bomb-Threats-At-Several-Topeka- 
Stores-Monday-2783 1 807 1 .html 



For another story, see item 21 
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Dams Sector 



39. October 7, Hungry Horse News - (Washington; Montana) Hungry Horse Dam to get 
turbine repairs. The U.S. Bureau of Reclamation awarded a $7 million, 5-year 
contract for turbine repair work at the Hungry Horse Dam in Montana and Grand 
Coulee Dam in Washington that will involve welding and grinding in order to ensure 
the units continue to operate. 

Source: http://www.flatheadnewsgroup.com/hungrvhorsenews/hungry-horse-dam-to- 
get-turbine-repairs/article 3a939364-4e33- 1 Ie4-b4ec-3306263c6eed.html 
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Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US -CERT at soc@us-cert.gov or visit 
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